<?php
/**
 * 修改密码页面
 * 相对路径: usr/pass.php
 * 作者: 15058593138@qq.com
 */

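// Handle the Ajax change-password request (index.php?do=pass&act=change).
// NOTE(review): jsonMsg() is defined elsewhere; every early exit below assumes it
// sends the JSON reply and terminates the script — confirm.
if (isset($_GET['act']) && $_GET['act'] === 'change') {
    // Accept only string fields: a crafted request can send old_pwd[]=x, which
    // would otherwise hand an array to strlen() and pwdHash().
    $oldPwd = (isset($_POST['old_pwd']) && is_string($_POST['old_pwd'])) ? $_POST['old_pwd'] : '';
    $newPwd = (isset($_POST['new_pwd']) && is_string($_POST['new_pwd'])) ? $_POST['new_pwd'] : '';
    $confirmPwd = (isset($_POST['confirm_pwd']) && is_string($_POST['confirm_pwd'])) ? $_POST['confirm_pwd'] : '';

    // Compare against '' rather than empty(): empty('0') is true, so a password
    // of "0" was reported as a missing field.
    if ($oldPwd === '' || $newPwd === '' || $confirmPwd === '') {
        jsonMsg(0, '请填写完整信息');
    }

    if ($newPwd !== $confirmPwd) {
        jsonMsg(0, '两次输入的新密码不一致');
    }

    // strlen() counts bytes, so this is a minimum of 6 bytes, not 6 characters.
    if (strlen($newPwd) < 6) {
        jsonMsg(0, '新密码长度不能少于6位');
    }

    // The id is interpolated unquoted into SQL below, so force it to an integer
    // and refuse to continue when the session carries no usable id.
    // NOTE(review): assumes user ids are positive integers — confirm.
    $userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
    if ($userId <= 0) {
        jsonMsg(0, '请先登录');
    }

    $db = new DB();
    $userTable = TB_PREFIX . 'user';

    // Verify the old password.
    // NOTE(review): matching the hash with SQL equality implies pwdHash() is
    // deterministic (same input, same output), i.e. not a per-user salted scheme
    // such as password_hash(). Moving to password_hash()/password_verify() means
    // selecting the stored hash by id and verifying it in PHP instead.
    // NOTE(review): $oldPwdHash sits inside a quoted SQL literal; that is only
    // safe if pwdHash() can never emit a quote or backslash. If DB offers bound
    // parameters, use them here — its API is not visible in this file.
    $oldPwdHash = pwdHash($oldPwd);
    $sql = "SELECT * FROM `{$userTable}` WHERE `id` = {$userId} AND `密码` = '{$oldPwdHash}'";
    if (!$db->getRow($sql)) {
        $db->close();
        jsonMsg(0, '旧密码错误');
    }

    // Store the new hash together with the time of the change.
    $newPwdHash = pwdHash($newPwd);
    $result = $db->update($userTable, [
        '密码' => $newPwdHash,
        '改密时间' => date('Y-m-d H:i:s')
    ], "`id` = {$userId}");

    $db->close();

    // NOTE(review): the session is not invalidated here; logout depends on the
    // client following the redirect, so this session (and any other session of
    // the same account) remains usable until then. Consider ending it server-side.
    if ($result) {
        jsonMsg(1, '密码修改成功，请重新登录', ['redirect' => 'index.php?do=lgout']);
    } else {
        jsonMsg(0, '密码修改失败');
    }
}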

require_once './inc/head.php';
?>

<div class="container">
    <div class="table-wrapper">
        <div style="padding:30px;">
            <h3 style="margin-bottom:20px;">修改密码</h3>
            
            <form id="passForm" style="max-width:500px;">
                <div class="form-group">
                    <label>旧密码</label>
                    <input type="password" name="old_pwd" class="form-control" placeholder="请输入旧密码" required>
                </div>
                
                <div class="form-group">
                    <label>新密码</label>
                    <input type="password" name="new_pwd" class="form-control" placeholder="请输入新密码（至少6位）" required>
                </div>
                
                <div class="form-group">
                    <label>确认新密码</label>
                    <input type="password" name="confirm_pwd" class="form-control" placeholder="请再次输入新密码" required>
                </div>
                
                <div class="form-group">
                    <button type="submit" class="btn btn-primary">确认修改</button>
                    <button type="reset" class="btn btn-secondary" style="margin-left:10px;">重置</button>
                </div>
            </form>
        </div>
    </div>
</div>

<script>
    // Send the change-password form through ajax() instead of a normal form post.
    document.getElementById('passForm').onsubmit = function(event) {
        event.preventDefault();

        // Response callback: code 1 is the success value the server handler returns.
        function handleReply(reply) {
            if (reply.code !== 1) {
                toast(reply.msg, 'error');
                return;
            }

            toast(reply.msg, 'success');
            // Leave the toast visible for 1.5 s, then follow the redirect target
            // supplied in the server response.
            setTimeout(function() {
                window.location.href = reply.data.redirect;
            }, 1500);
        }

        const payload = getFormData('passForm');
        ajax('index.php?do=pass&act=change', payload, handleReply);
    };
</script>

<?php require_once './inc/foot.php'; ?>